Manalyze report for d1854393372172c88e658c2b57762dec840dfe2dd3d3cb7a16fff188c4e15cc1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jul-12 16:33:26
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .buildid`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 92.2926% of the executable.`
Suspicious	VirusTotal score: 1/72 (Scanned on 2026-03-01 07:23:52)	`Cylance: Unsafe`

Hashes

MD5	`b39ad35e84af1fd09d500af11ddcc2f0`
SHA1	`2a2081fe7f44808a7abab7c26be68cbfb39f19bc`
SHA256	`d1854393372172c88e658c2b57762dec840dfe2dd3d3cb7a16fff188c4e15cc1`
SHA3	`fc3160c22a35374bcd48874f607534222432ffffb392a091afd8111062de8d3b`
SSDeep	`3072:/Q4W9soIuOhDyO26QzO7oegzVpLznlVV0bXT3LxMJCPQtjeja0ECzDOYQhVLGEN:4abDF26Q67IVlVVUXGJCPoayMCYAh`
Imports Hash	`8d88ee3d02e50123906bab082925025d`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Jul-12 16:33:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1a00`
SizeOfInitializedData	`0x17a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001160 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x37000`
SizeOfHeaders	`0x400`
Checksum	`0x33383`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x800000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e350e5d12b865f27b329760233d88fdc`
SHA1	`0a5636c2cc88eff9cd8516bcf375a5823c8a5ec2`
SHA256	`c5bbb5f255c2e70e1e75e98e5f03f22cffe4db8f53be123cf345856fc17e7eb5`
SHA3	`9b2d28a3e3a3cd27bfd31b324eff44ee6fd855feba5fe37c9d5837e76c5f7498`
VirtualSize	`0x1976`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.88586`

.rdata

MD5	`a2acda28d16f9ba7c49956324cbc9fb3`
SHA1	`09e4d71d975500abb731a9f4f714065ab77508d3`
SHA256	`6e15ad3714bbd7f821479206a0c92f7e35bb261f02965352411784636f85853f`
SHA3	`0419ac4dc84d2c6e37b2235a53fd8eb620788d5212687716b4610b2a5f790264`
VirtualSize	`0x10e0`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.15833`

.buildid

MD5	`f142b81bf175d4e9eee893695cb9d62d`
SHA1	`61a379f6410cb7dd918295b396ed9669a93615d7`
SHA256	`2dff418de70bd7b5e7ff5cf3d3d20a0fb37e24d9d06324773e91be7247e742c7`
SHA3	`1af7d4be7050aa6f1c47e110cdeab35c0601642304d1616ced0675a00caa1f03`
VirtualSize	`0x35`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.604661`

.data

MD5	`a55b2b5b5992ee63766a195ad0506662`
SHA1	`bd06875afb641b095f71d71abba1c1a729a897ed`
SHA256	`8d92b355f9b7066015a80bb6ef849a380911026a1b98b8e070e3eaca0b049b1e`
SHA3	`9c1e93f6640bc2d0c3a2963e73c66ade186fd29d4527a6d43d0198c7d87b4ea4`
VirtualSize	`0x120`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.644065`

.pdata

MD5	`f6366b4e43edde63802c654974735b2a`
SHA1	`bc0e7f1b3ae59748ebf7cff39be19f426e08a9c0`
SHA256	`5f891542771b1b0413f66178c558ab67c52f0a22ab54d5c8591e2e70f2b7cd63`
SHA3	`83266372045ce97e826b31c98958926de0d42d571b0ae4cdfc972550336f3653`
VirtualSize	`0x138`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.52704`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`1d7954e5d34dae7ca0b818b42c771da7`
SHA1	`febc71a1f840184bc76cf7f1c399f262a198df89`
SHA256	`69cd5f603cb60d041ffbe9a2fe533a40ed9ed64ba169a23cc98ee7b7f7b74959`
SHA3	`016c743c3d49877b79ca0765e2c5935e5718fb3a862e5c6226a8cc7df189f911`
VirtualSize	`0x2da6c`
VirtualAddress	`0x9000`
SizeOfRawData	`0x2dc00`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.76975`

Imports

api-ms-win-crt-private-l1-1-0.dll	`__C_specific_handler` `memcpy`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__commode` `__p__fmode` `__stdio_common_vfprintf` `__stdio_common_vswprintf` `fwrite`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argc` `__p___wargv` `_cexit` `_configure_wide_argv` `_crt_atexit` `_exit` `_initialize_wide_environment` `_initterm` `_initterm_e` `_set_app_type` `_set_invalid_parameter_handler` `abort` `exit` `signal`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc`
api-ms-win-crt-string-l1-1-0.dll	`_wcsdup` `memset` `strlen` `strncmp` `wcslen`
USER32.dll	`MessageBoxW`
KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `GetLastError` `GetProcAddress` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryW` `SetDllDirectoryW` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualProtect` `VirtualQuery`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-environment-l1-1-0.dll	`__p__wenviron`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.59246`
MD5	`496f5d04b621f9aa03b04871d9087924`
SHA1	`6f6e7c3ec0972049f0dd671e173447bcad8ea94b`
SHA256	`3caf677a43a5cafdbf7aae493cd8816f4ab9e38f780ab2c5dc290591153891f3`
SHA3	`e18327379ee32a8f015f0772e3f5fc110494853e9f47fa2d09dbd52ac91c1e33`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.81763`
MD5	`236a60087273cc95d9ac6e451899ae34`
SHA1	`659239e24b7d6438554fbe6f60e618dd335e1661`
SHA256	`6cc9c0e2eb7a596778c0aff3946b0aa351d74d50adbd8b53cf7fc7a8fd81acc6`
SHA3	`ca6367be7ac9b60a14d59f69a5c906d753d77c37ab1c167b300b36210719d176`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.82225`
MD5	`b91aca577a6b0e74bd2bf0685b8794b0`
SHA1	`4778345e85b50ccca53a6a267d6c8371133f047d`
SHA256	`9f485f1d0f68bb83ccb34bd1f478e3c6c27dcba4890ebe0de4017df95cfa3797`
SHA3	`c659ac94423ba8aceb4bbfa0a2f3fbdd49c1f8a27c1c816296eb7240bd66a475`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.92264`
MD5	`97d369b36658a8b7ccd5e273fb6c5773`
SHA1	`f78ad730203b428d39d2495017c293d0f143801d`
SHA256	`fc62cdc2ee130d123b27f3a6e2182a44c9089dac2c1ce7d3742cc84bd62b3882`
SHA3	`42b470e3cd5ea068f4aca3ae39a80fe5c6185acf9511df9325f0820f6ec6cc13`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.48922`
MD5	`e9d43cd46ede11d0b7dd5d8d59cf303c`
SHA1	`a2e203cc435d743e6d87cd816583e3af6814d478`
SHA256	`be1d8103e86451a8d189978d49ee1916331a2dbcfd3e970b6da986fcc024170e`
SHA3	`79c610c4ee8bc5e876884b6831d58ab8e39c87d67e481ddfcd62b635a1a4dbfd`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20b7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99076`
Detected Filetype	PNG graphic file
MD5	`03af0f6e1ecb20c3690760b5891553e4`
SHA1	`24c1d06d0f27eaf94bb2b6988d12118abc786f2c`
SHA256	`832b754b2b247681f40954871b41170170e76c4f59d8aafa78b30fbeb1b648b9`
SHA3	`f99c9cc106acda290ff2494de25a2898ccee499bfc219cbedf558b1dfc5a3ed8`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.50882`
MD5	`975764fdb8beddd8dc17e0bb1dae4db2`
SHA1	`2c7a3706e80179151c5f10a048224c131ca8b6dc`
SHA256	`4c622c80c8f06a81fe882f2fecabfa467df73ffe2ab7ccce68a6f5c624c37c78`
SHA3	`d2de8019181c303933c9594a977ad2a284b1ea0f04bfc17af59b1bd91705752d`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.49106`
MD5	`b8a3fc0d1a80a9628c1694a808c1038c`
SHA1	`92a0cf657c576d3b7418a5148965bf6ffde2aa26`
SHA256	`81bc777361024407e57682d9fceb4aa70ce5fb39c0197632a9949b37ceba0cfa`
SHA3	`d60cce0ee9b2bdd1fcdaf430255a93c3b4ed42a88922b48f2ef76a522aa8079b`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.48038`
MD5	`397cb9dabfeb00ce709a92b551076645`
SHA1	`9ad6a7aed3c3980d6888d1b6a3ed876c27641376`
SHA256	`21146984b4330871c9331dacde9cfd5f0ce2002f175984fab774bbe6e1258e7d`
SHA3	`b1b966296d9b2efc70055359e72adce5b395c88217cff21d1b7f938cda1a6e8c`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.4967`
MD5	`91edeb5a6a5089a878d54c2eb1b17ad8`
SHA1	`d1f990ebcdd0352a28fd13e08d82bf53eeb440f0`
SHA256	`9fe5f958935d813f766e7d5b6713de54aa5f001645358e67bff73a4bdddd98df`
SHA3	`3a1c3e80f0872157c0265921b8eb76eed0e0321b88a9e777672225d9e2ccae3d`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.4338`
MD5	`6b3864c85eb8301603a60e156b92968b`
SHA1	`84a68584ed18e855ea6c15b3a2160a21483f62c8`
SHA256	`58972d683a15896c32843bb01dda72630d92ad05888a4712c65829751888e8b6`
SHA3	`96db7b8a0d2154bfaf6905e04b8a924be121a36c1e8ecd3b85416b9c40f482d5`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.36536`
MD5	`65c99d9e71babfd364530f8ec05b038f`
SHA1	`ba2cc62574c46164af6d609ec0109d7487167296`
SHA256	`92ded69fa0ac92ce74eada7016c09df2153c0f2133cf3213cc6ff03af889eb1e`
SHA3	`ec75b973343f59e0bc86da97b2ff79757999951acc71ba06acb59923d96111dd`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.21515`
MD5	`8faf88acc1a676ec5fda49cfc5a0be9c`
SHA1	`3a728d3a872baac509c1e935b0cfec3d3bd4bd8b`
SHA256	`bea6844c44f6187913c8a0f4ac5eb06478d51a0aae7d71bf9ba10a93c8bd67c6`
SHA3	`32e8aad6c5603a08baf79fc47925441eb004292ba82535adcf6f2c882daa1d1a`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13393`
Detected Filetype	Icon file
MD5	`8aa14e789da52a356a5ae057cff62c03`
SHA1	`9efad6d93c15c4429e728510bd974ab128300d61`
SHA256	`de383209382fdc526f98700b676bcc829d7a50b48f779a1c69d4d0cc44321795`
SHA3	`3b83d9d2409b652428f8031431de0195625fdd2d5457685e51f5cdbadb2ec03d`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.82693`
MD5	`67d470b193d92eaedadc0bb58838f5f1`
SHA1	`f3d3d4f28c3635167a46e075d490c33bdbb01496`
SHA256	`7a7ce637fc4e50b945d45254545c848c8350184f51ee13abca9188621c9bad25`
SHA3	`87048578496162e372472f4afe5412b15ce526e1ab77d805f4e73f0a59a0c7f1`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Jul-12 16:33:26
Version	`0.0`
SizeofData	`25`
AddressOfRawData	`0x501c`
PointerToRawData	`0x301c`

TLS Callbacks

StartAddressOfRawData	`0x140008000`
EndAddressOfRawData	`0x140008008`
AddressOfIndex	`0x140006078`
AddressOfCallbacks	`0x1400036b8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x0000000140001580` `0x0000000140001600`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0`

RICH Header

Errors

[!] Error: Could not read an IMAGE_BASE_RELOCATION!

Leave a comment

No comments yet.